summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPaul Moore <paul@paul-moore.com>2022-02-09 20:49:38 +0100
committerPaul Moore <paul@paul-moore.com>2022-02-09 22:04:26 +0100
commit7a82f89de92aac5a244d3735b2bd162c1147620c (patch)
tree87ccbb01f4c5d75eac090a45840bfc64f39446ce
parentaudit: improve audit queue handling when "audit=1" on cmdline (diff)
downloadlinux-7a82f89de92aac5a244d3735b2bd162c1147620c.tar.xz
linux-7a82f89de92aac5a244d3735b2bd162c1147620c.zip
audit: don't deref the syscall args when checking the openat2 open_how::flags
As reported by Jeff, dereferencing the openat2 syscall argument in audit_match_perm() to obtain the open_how::flags can result in an oops/page-fault. This patch fixes this by using the open_how struct that we store in the audit_context with audit_openat2_how(). Independent of this patch, Richard Guy Briggs posted a similar patch to the audit mailing list roughly 40 minutes after this patch was posted. Cc: stable@vger.kernel.org Fixes: 1c30e3af8a79 ("audit: add support for the openat2 syscall") Reported-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
-rw-r--r--kernel/auditsc.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index fce5d43a933f..a83928cbdcb7 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -185,7 +185,7 @@ static int audit_match_perm(struct audit_context *ctx, int mask)
case AUDITSC_EXECVE:
return mask & AUDIT_PERM_EXEC;
case AUDITSC_OPENAT2:
- return mask & ACC_MODE((u32)((struct open_how *)ctx->argv[2])->flags);
+ return mask & ACC_MODE((u32)ctx->openat2.flags);
default:
return 0;
}